Duffy’s Sports Grill Hit by Qilin Ransomware Attack, Disrupting Payments and Loyalty Programs
In March 2026, Duffy’s Sports Grill, a South Florida-based casual dining chain, fell victim to a ransomware attack attributed to the cybercriminal group Qilin. The incident, which emerged in late March, paralyzed the company’s internal systems, leading to widespread operational disruptions across multiple locations.
The attack crippled payment processing, forcing some Duffy’s staff to manually record customers’ credit card details a practice flagged by cybersecurity experts as high-risk and potentially non-compliant with payment industry standards. The chain’s MVP loyalty rewards program was also impacted, with members unable to access or earn points for at least a week, further straining customer relations.
Qilin, known for targeting mid-sized businesses, claimed responsibility for the attack, though details about data exposure or ransom demands remain unconfirmed. Duffy’s Sports Grill has not publicly responded to the incident or the group’s claims. Cybersecurity monitoring reports indicate the attack aligns with Qilin’s tactics, though independent verification is pending due to the company’s silence.
The disruption lasted at least seven days, leaving customers and employees navigating workarounds while the chain worked to restore systems. The incident underscores the vulnerabilities mid-sized businesses face from ransomware threats.
Duffy's Sports Grill cybersecurity rating report: https://www.rankiteo.com/company/duffys-sports-grill
"id": "DUF1774369684",
"linkid": "duffys-sports-grill",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'hospitality',
'location': 'South Florida',
'name': 'Duffy’s Sports Grill',
'size': 'mid-sized',
'type': 'casual dining chain'}],
'data_breach': {'personally_identifiable_information': 'credit card details '
'(manually recorded)'},
'date_detected': '2026-03',
'date_publicly_disclosed': '2026-03',
'description': 'In March 2026, Duffy’s Sports Grill, a South Florida-based '
'casual dining chain, fell victim to a ransomware attack '
'attributed to the cybercriminal group Qilin. The incident '
'paralyzed the company’s internal systems, leading to '
'widespread operational disruptions across multiple locations. '
'The attack crippled payment processing, forcing staff to '
'manually record customers’ credit card details, and impacted '
'the MVP loyalty rewards program, preventing members from '
'accessing or earning points for at least a week.',
'impact': {'downtime': '7 days',
'identity_theft_risk': 'potential due to manual recording of '
'credit card details',
'operational_impact': 'widespread operational disruptions, manual '
'workarounds for payment processing',
'payment_information_risk': 'high',
'systems_affected': ['payment processing',
'MVP loyalty rewards program']},
'investigation_status': 'pending independent verification',
'ransomware': {'ransomware_strain': 'Qilin'},
'references': [{'source': 'Cybersecurity monitoring reports'}],
'regulatory_compliance': {'regulations_violated': ['potential PCI DSS '
'non-compliance']},
'response': {'recovery_measures': 'system restoration in progress'},
'threat_actor': 'Qilin',
'title': 'Duffy’s Sports Grill Hit by Qilin Ransomware Attack',
'type': 'ransomware'}